Nick Rogness wrote:
>
> On Sat, 17 Mar 2001, Wes Peters wrote:
>
> [Wes, if you get this, for some reason I can't send to your
> domain.]
>
> You are not understanding what I am trying to say. Once again I'll try to
> clarify.
>
> > > For dual-homed hosts, this is a problem because your packet gets
> > > sent out the default gateway, which may or may not get filtered
> > > upstream. This is usually solved by running a routing daemon but
> > > most upstreams won't allow you to do that anyway (cable, DSL, etc.).
> >
> > If you have a dual-homed host that is simply routing an internal LAN to
> > the external network, you don't need anything other than a default route.
> > If it's not bound for the internal network, it goes to the external
> > network, by definition.
> >
>
> Actually, that is not what "dual-homed" in the internet
> world means. Dual homed is having 2 *public* Internet
> connections. That's ISP lingo.

No, that's just wrong. "dual-homed" means it has two network interfaces;
all routers are dual-homed at least. ISPs are not allowed to hijack the
terminology any more than the Linux losers are.

> > I completely fail to see that you have actually stated a problem yet.
> >
> > What exactly is the problem you think you're trying to solve here?
> >
>
> Consider the following. I have to restate this every damn couple
> of weeks to get it through. Here is the problem:
>
>    ISP#1                  ISP#2
>      |                      |
>      |                      |
>      --- xl0  FreeBSD  xl1 -----
>                xl2
>                 |
>                 |
>          Internal network
>                 |
>                 |
>             Machine 1

Your FreeBSD machine in this example has three interfaces, and needs to run
a routing daemon. This typically means either routed or gated.

> Packet 1 comes in through ISP #2 network. It comes into your
> internal network to machine 1. Machine 1 replies to the
> packet...but where does it go? It will exit through interface
> to ISP #1 because of the default gateway. It came in ISP #2 and
> left out ISP #1. There is your problem.

The default route for Machine 1 should be, of course, the FreeBSD machine.
Having a default route on the FreeBSD machine is a configuration error,
because a default route doesn't make sense in the case of such a machine.
You *must* run a routing daemon and use a routing protocol compatible with
ISP#1 and ISP#2.

I think you were trying to say "route table" instead of "route cache", which
does make sense with this setup. The simple answer is get a copy of a good
book on TCP/IP network administration, learn how to configure routed, and
use the stuff the way it was meant to be used.

> What if you are running nat in this case....you're hosed.

Why?

> You can check out route-cache at Cisco's online site. It may help
> to clarify as to why you would want to do this.

Just use a routing protocol, that's what they were designed for.

> If you check the -net mailing list this problem re-occurs over and
> over and over and over and over. To which there is a work around
> that's a bit messy.

Lots of problems occur over and over again, that's why people write books
to explain things like this. Trying to fit some half-baked notion of
how IP routing is supposed to work in the code isn't a solution.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
[EMAIL PROTECTED] http://softweyr.com/
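
The scenario quoted in this message (a reply to traffic that arrived via ISP #2 leaving through the default gateway on ISP #1, where it "may or may not get filtered upstream"), traced as an added example that is not part of the original thread. The addresses are constructed documentation prefixes, and both the upstream source-address filter and the source-aware egress choice shown for contrast are assumptions that neither poster specifies; only the interface names xl0/xl1/xl2 come from the diagram.

```python
import ipaddress

# Constructed addressing (documentation prefixes); interface names follow the diagram.
ISP_PREFIX = {"xl0": ipaddress.ip_network("192.0.2.0/24"),     # assigned by ISP#1
              "xl1": ipaddress.ip_network("198.51.100.0/24")}  # assigned by ISP#2
ROUTES = [  # (destination prefix, egress interface): plain destination-based table
    (ipaddress.ip_network("10.0.0.0/24"), "xl2"),  # internal network
    (ipaddress.ip_network("0.0.0.0/0"), "xl0"),    # single default route via ISP#1
]

def route_by_destination(dst):
    """Longest-prefix match on the destination only, as a normal route table does."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, ifc) for net, ifc in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def route_by_source(src, dst):
    """Assumed alternative: leave via the ISP whose prefix the source belongs to."""
    egress = route_by_destination(dst)
    if egress == "xl2":          # internal traffic is unaffected
        return egress
    src = ipaddress.ip_address(src)
    for ifc, net in ISP_PREFIX.items():
        if src in net:
            return ifc
    return egress

def upstream_accepts(ifc, src):
    """Assumed upstream ingress filter: only sources from that ISP's prefix pass."""
    return ifc not in ISP_PREFIX or ipaddress.ip_address(src) in ISP_PREFIX[ifc]

def trace_reply(src, dst):
    """Return {policy: (egress interface, accepted upstream)} for one reply packet."""
    choices = {"destination": route_by_destination(dst),
               "source": route_by_source(src, dst)}
    return {name: (ifc, upstream_accepts(ifc, src)) for name, ifc in choices.items()}

if __name__ == "__main__":
    # Reply to a connection that arrived on an ISP#2 address, bound for a remote client.
    for policy, (ifc, ok) in trace_reply("198.51.100.10", "203.0.113.7").items():
        print(f"{policy:12s} egress={ifc} upstream={'pass' if ok else 'DROP'}")
```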